Known Good Mailers that Have Trouble with Greylisting

There are some problems with greylisting. Be sure to read the whitelisting section at greylisting.org. I have taken its whitelist and added it to my whitelist (/usr/local/etc/spamd-mywhite). Also in that file are my own mailservers and any special places which are immune to any spamd intervention.

Line 3 declares a table of locations to exempt from greylisting. I maintain this table manually.

Line 6 makes everyone in the whitelist go straight to the mail server.

Line 7 makes everyone on the greylist go straight to spamd.

Line 8 forces everyone not on my whitelist to talk to spamd.

Lines 10-11 feed data to pflog, which spamlogd will monitor and use to update the spamd table.

Note that the use of pass on the RDR rules is significant. Here's an explanation from the OpenBSD PF FAQ:

NAT and Packet Filtering

NOTE: Translated packets must still pass through the filter engine and will be blocked or passed based on the filter rules that have been defined. The only exception to this rule is when the pass keyword is used within the nat rule. This will cause the NATed packets to pass right through the filtering engine.

Also be aware that since translation occurs before filtering, the filter engine will see the translated packet with the translated IP address and port as outlined in How NAT Works.

In short, if you're on a whitelist (either spamd's whitelist or my whitelist), you go straight to the mail server. Everyone else goes to spamd.

On your first visit to spamd, you are asked to come back later. If you do, then you're asked to try again and are added to the whitelist.
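Because every address in /usr/local/etc/spamd-mywhite skips spamd entirely, a hand-edited file is worth checking before PF loads it. The following check is an added example, not part of the original article; the function name, the prefix thresholds and the sample entries are assumptions made for illustration.

```python
import ipaddress

# Assumed review thresholds (not from the article): a shorter prefix exempts
# so many hosts from greylisting that it should be a deliberate choice.
MIN_PREFIX = {4: 16, 6: 32}

# Constructed sample file contents, using documentation address ranges.
SAMPLE = """\
# my own mail servers and partners
192.0.2.25            # own mail server
198.51.100.0/24       # partner network
198.51.100.17         # already inside the /24 above
203.0.113.9/24        # host bits set
10.0.0.0/8            # very broad
mail.example.org      # hostname, not a literal address
2001:db8::25
"""

def lint_whitelist(text):
    """Check the text of a PF table file; return (networks, problems)."""
    networks, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not entry:
            continue
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError:
            # Hostnames, typos and anything else that is not a literal
            # address are left for manual review.
            problems.append((lineno, entry, "not a literal address or CIDR block"))
            continue
        net = iface.network
        if iface.ip != net.network_address:
            problems.append((lineno, entry, "host bits set beyond the prefix"))
        if net.prefixlen < MIN_PREFIX[net.version]:
            problems.append((lineno, entry, f"broad entry: /{net.prefixlen} skips spamd"))
        covering = [n for n in networks
                    if n.version == net.version and net.subnet_of(n)]
        if covering:
            problems.append((lineno, entry, f"already covered by {covering[0]}"))
        else:
            networks.append(net)
    return networks, problems

if __name__ == "__main__":
    # For real use, pass the contents of /usr/local/etc/spamd-mywhite instead.
    for lineno, entry, why in lint_whitelist(SAMPLE)[1]:
        print(f"line {lineno}: {entry}: {why}")
```
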

By the way, after making changes to /usr/local/etc/spamd-mywhite, tell PF to notice the changes: